Customer Needs Assessment
The Human Factor
The Human Factor
In addition to evaluating your company’s requirements, you must consider what it will take to implement the necessary network access controls and endpoint integrity. Specifically, you must consider factors, such as:
■How much control does your IT group or department have over directory services, infrastructure devices, and endpoints?
■Does your IT department have enough resources?
■How will you enlist users’ cooperation?
Control over Network Resources
The ability to implement access controls and endpoint integrity depends in part on the level of control the IT staff has over network resources. For example, some endpoint integrity solutions require administrator access to the directory server or the ability to open ports on a router. Do you manage the servers and directory service for your company, or are these devices managed by a separate IT group than the one that manages the switches and routers? If the devices are managed by different groups, how well do the two groups work together? For example, if your group manages the switches and routers, will you be able to get the administrator password for the company’s directory service?
You must also consider how much control you have over endpoints. Can you dictate the security options that are set on workstations? Can you require endpoints to be tested and forced into compliance before they connect fully to the network?
If you do not have the control necessary to implement endpoint integrity, what steps must you take to convince management and users that security compli- ance is necessary? (“Users’ Cooperation” on page